Les anglonautes


Cybercrime / theft / security, Malware, Viruses, Worms, Thieves, Fraudsters, Spammers

secure computer network

 

 

 

 

 cryptography

 

 

 

 

encode

 

 

 

 

encoded

computer security        UK / USA

 

https://www.nytimes.com/topic/subject/
computer-security-cybersecurity

 

 

https://www.theguardian.com/technology/
data-computer-security  

 

 

 

 

 

 

 

online banking > security loophole        UK

 

http://www.theguardian.com/technology/2006/aug/11/
news.money 

 

 

 

 

 

 

 

data and computer security        UK

 

https://www.theguardian.com/technology/data-computer-security 

 

 

 

 

 

 

 

cybersecurity        USA

 

https://www.npr.org/sections/coronavirus-live-updates/2020/03/30/
822687397/cybersecurity-lawyer-who-flagged-the-who-hack-warns-of-massive-remote-work-risks

 

http://www.npr.org/sections/health-shots/2017/07/26/
539290596/hospitals-face-growing-cybersecurity-threats

 

http://www.npr.org/sections/alltechconsidered/2016/10/21/
498804722/cyber-aggression-takes-a-back-seat-to-other-presidential-campaign-issues

 

http://www.npr.org/sections/alltechconsidered/2015/10/27/
452338925/senate-approves-cybersecurity-bill-what-you-need-to-know

 

http://www.nytimes.com/2014/06/03/
science/automating-cybersecurity.html

 

 

 

 

 

 

 

cybersecurity threats        USA

 

http://www.npr.org/sections/health-shots/2017/07/26/
539290596/hospitals-face-growing-cybersecurity-threats

 

 

 

 

 

 

 

cybersecurity bill        USA

 

http://www.npr.org/sections/alltechconsidered/2015/10/27/
452338925/senate-approves-cybersecurity-bill-what-you-need-to-know

 

 

 

 

 

 

 

Pentagon > Cybersecurity force        USA

 

http://www.nytimes.com/2013/01/28/us/
pentagon-to-beef-up-cybersecurity-force-to-counter-attacks.html

 

 

 

 

 

 

 

U.S. Cyber Agency        USA

 

https://us-cert.cisa.gov/ncas/alerts/aa20-352a

 

 

https://www.npr.org/2020/12/15/
946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little

 

 

 

 

 

 

 

Russia > cyber intelligence team        USA

 

https://www.npr.org/2020/12/21/
948780958/former-government-cybersecurity-head-blames-russian-intelligence-for-massive-hac

 

 

 

 

 

 

 

use exploits (security holes)

 

 

 

 

 

 

 

clog traffic        USA

 

http://www.nytimes.com/2013/03/28/
technology/attacks-on-spamhaus-used-internet-against-itself.html

cyber criminal        UK

http://www.guardian.co.uk/technology/2012/feb/19/
war-cyber-worm-attack-internet

 

 

 

 

cybercriminal        USA

https://www.whitehouse.gov/the-press-office/2015/04/01/
executive-order-blocking-property-certain-persons-engaging-significant-m

 

http://www.nytimes.com/2014/01/18/
business/a-sneaky-path-into-target-customers-wallets.html

 

 

 

 

hit        USA

http://www.nytimes.com/2013/01/09/
technology/online-banking-attacks-were-work-of-iran-us-officials-say.html

 

 

 

 

security hole / hole

Obama On Russian Hacking: 'We Need To Take Action. And We Will'        Video        Morning Edition        NPR        16 December 2016

YouTube

https://www.youtube.com/watch?v=Z5Z1WN_aaRw

Illustration:
Bendik Kaltenborn

 

It’s a Whole New Paranoid World

NYT

MARCH 21, 2015

https://www.nytimes.com/2015/03/22/
opinion/sunday/its-a-whole-new-paranoid-world.html

ransom        USA

 

http://www.npr.org/sections/thetwo-way/2016/02/17/
467149625/la-hospital-pays-hackers-nearly-17-000-to-restore-computer-network

 

 

 

 

 

 

 

ransomware        USA

 

https://www.npr.org/2019/05/21/
725118702/ransomware-cyberattacks-on-baltimore-put-city-services-offline

 

http://www.npr.org/sections/thetwo-way/2017/06/28/
534679950/petya-ransomware-hits-at-least-65-countries-microsoft-traces-it-to-tax-software

http://www.npr.org/sections/alltechconsidered/2017/05/16/
528447819/long-before-wannacry-ransomware-decades-of-cyber-wake-up-calls

https://www.nytimes.com/2017/05/14/
world/europe/cyberattacks-hack-computers-monday.html

http://www.npr.org/sections/thetwo-way/2017/05/14/
528355526/repercussions-continue-from-global-ransomware-attack

http://www.npr.org/sections/thetwo-way/2017/05/12/
528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded

 

 

 

 

 

 

 

'WannaCry' ransomware        May 2017        USA

 

http://www.npr.org/sections/alltechconsidered/2017/05/16/
528447819/long-before-wannacry-ransomware-decades-of-cyber-wake-up-calls

 

http://www.npr.org/sections/alltechconsidered/2017/05/16/
528570788/from-kill-switch-to-bitcoin-wannacry-showing-signs-of-amateur-flaws

 

 

 

 

 

 

 

 

 

 

 

 

 

 

firewall

 

http://www.reuters.com/article/2011/06/14/us-
cybersecurity-usa-senate-idUSTRE75C5JI20110614

 

 

 

 

 

 

 

 

 

 

 

 

 

 

breach

http://www.npr.org/2017/09/14/
550949718/after-equifax-data-breach-consumers-are-largely-on-their-own

 

 

 

 

security breach

http://www.nytimes.com/2013/10/04/
technology/adobe-announces-security-breach.html

 

http://www.guardian.co.uk/technology/2013/feb/02/
twitter-hacked-accounts-reset-security

 

 

 

 

data breach        UK

http://www.guardian.co.uk/technology/blog/2011/may/03/
sony-data-breach-online-entertainment

 

 

 

 

credit card data breach        USA

http://www.nytimes.com/2012/10/24/
business/hackers-get-credit-data-at-barnes-noble.html

 

 

 

 

computer breach        USA

http://bits.blogs.nytimes.com/2014/02/19/
university-of-maryland-computer-breach-exposes-records-of-students-and-staff/

 

http://www.nytimes.com/2011/05/13/us/
politics/13obama.html

 

 

 

 

breach        USA

http://www.nytimes.com/2014/09/05/us/
hackers-breach-security-of-healthcaregov.html

 

http://bits.blogs.nytimes.com/2013/02/15/
facebook-admits-it-was-hacked/

 

 

 

 

cyber stealth        USA

http://www.npr.org/sections/thetwo-way/2016/04/29/
476070445/u-s-steel-says-china-is-using-cyber-stealth-to-steal-its-secrets

 

 

 

 

 

 

 

 

 

 

 

 

 

 

pirate        USA

http://www.usatoday.com/tech/products/cnet/2006-10-04-
vista-piracy_x.htm

 

 

 

 

Internet piracy

http://www.nytimes.com/2011/06/09/
opinion/09thu1.html

 

http://www.independent.co.uk/life-style/gadgets-and-tech/news/
internet-users-face-bills-for-piracy-crackdown-1519428.html

 

http://www.guardian.co.uk/technology/2008/feb/12/
piracy.politics

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Trojan (horse)

 

An innocent-looking program

concealing destructive intentions.        UK

 

http://www.guardian.co.uk/technology/2009/nov/18/
zbot-zeus-trojan-malware

 

 

 

 

 

 

 

Pharming

 

Hijacking online bank customers

by infecting web browsers.

 

They are redirected

to fake internet sites

and asked

to disclose account details.

 

http://www.guardian.co.uk/
online/news/0,12597,1504232,00.html - broken link

 

 

 

 

 

 

 

fake websites        USA

 

https://www.nytimes.com/2020/05/13/
technology/personaltech/pandemic-scams.html

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

phishing        USA

 

Phishing

uses an innocent-looking email

to entice unwary recipients

to click on a deceptive link,

giving hackers access

to their information or a network.

 

In “spear-phishing,”

the email is tailored

to fool a specific person.

http://www.nytimes.com/2016/12/13/us/politics/russia-hack-election-dnc.html

 

https://www.nytimes.com/2020/04/17/
your-money/coronavirus-fraud.html

 

https://www.npr.org/sections/coronavirus-live-updates/2020/03/30/
822687397/cybersecurity-lawyer-who-flagged-the-who-hack-
warns-of-massive-remote-work-risks

 


 

 

 

 

 

 

 

Phishing        UK / USA

 

Sending out emails

telling online account customers

they must reconfirm IDs and passwords.

 

When they hit reply

they are sent

to a cloned web page.

 

http://www.guardian.co.uk/technology/2009/oct/06/
gmail-yahoo-aol-phishing-scam

 

http://www.nytimes.com/2008/04/16/
technology/16whale.html

 

 

 

 

 

 

 

phishing email        USA

 

http://www.npr.org/sections/thetwo-way/2017/05/03/
526785635/did-you-get-a-weird-invitation-to-edit-a-google-doc-its-best-not-to-click

 

 

 

 

 

 

 

phishing attack

 

http://blogs.reuters.com/prism-money/2011/04/04/
email-theft-5-ways-to-avoid-phishing-attacks/

 

 

 

 

 

 

 

spear-phishing

 

http://www.nytimes.com/2016/12/13/us/
politics/russia-hack-election-dnc.html

 

http://www.reuters.com/article/2011/04/05/us-
hackers-epsilon-idUSTRE7336DZ20110405

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Key logging

 

Programs

which record keystrokes

and can be used to retrieve

credit card and PIN numbers.

 

http://www.guardian.co.uk/online/news/0,12597,1504232,00.html - broken link

 

 

 

 

 

 

 

 

 

 

 

 

 

 

malicious program / software

malware

 

Umbrella term

for assorted malicious software programs

which sabotage your computer.

https://www.theguardian.com/technology/
malware 

 

 

http://www.npr.org/sections/thetwo-way/2017/05/12/
528119808/large-cyber-attack-hits-englands-nhs-hospital-system-ransoms-demanded

 

http://www.npr.org/sections/alltechconsidered/2016/04/01/
472693703/malware-attacks-on-hospitals-put-patients-at-risk

 

http://www.nytimes.com/2015/02/15/world/
bank-hackers-steal-millions-via-malware.html

 

http://www.theguardian.com/technology/2013/nov/12/
international-space-station-virus-epidemics-malware

http://www.nytimes.com/2013/01/01/
technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html

 

http://www.nytimes.com/2011/02/13/science/13stuxnet.html

 

http://www.nytimes.com/2010/11/15/technology/15worm.html

http://www.nytimes.com/2010/09/27/technology/27virus.html

http://www.guardian.co.uk/technology/2010/sep/24/stuxnet-worm-national-agency

http://bits.blogs.nytimes.com/2010/09/24/malware-hits-computerized-industrial-equipment/

 

http://www.nytimes.com/2009/12/14/technology/internet/14virus.html

http://www.guardian.co.uk/technology/2009/nov/18/zbot-zeus-trojan-malware

 

http://www.usatoday.com/tech/news/computersecurity/wormsviruses/2006-06-12-
microsoft-bots_x.htm

 

 

 

 

malicious files        USA

http://www.npr.org/sections/thetwo-way/2017/05/03/
526785635/did-you-get-a-weird-invitation-to-edit-a-google-doc-its-best-not-to-click

 

 

 

 

malware attack        USA

http://www.npr.org/sections/alltechconsidered/2016/04/01/
472693703/malware-attacks-on-hospitals-put-patients-at-risk

 

 

 

 

strains of malware        USA

http://www.nytimes.com/2013/01/01/
technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html

 

 

 

 

bit of malware        USA

http://www.nytimes.com/2010/09/27/
technology/27virus.html

 

 

 

 

malwebolence        USA

http://www.nytimes.com/2008/08/03/
magazine/03trolls-t.html

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Zombies

 

Online computers

that have been infected by trojans

and can then be remotely controlled

to churn out spam emails at targeted sites.

http://www.guardian.co.uk/
online/news/0,12597,1504232,00.html - broken link

 

 

 

 

 

 

 

Bots

 

Programs used

to infect and control computers

which are then turned into zombies.

http://www.guardian.co.uk/
online/news/0,12597,1504232,00.html - broken link

 

 

 

 

 

 

 

fraud

 

 

 

 

 

 

 

identity fraud        UK

 

https://www.theguardian.com/money/
identityfraud 

 

 

 

 

 

 

 

fraudster        USA

 

https://www.nytimes.com/2020/05/13/
technology/personaltech/pandemic-scams.html

 

 

 

 

 

 

 

flaw

 

 

 

 

 

 

 

massive security flaw        USA

 

http://www.npr.org/2014/04/08/
300653685/massive-security-flaw-picks-the-padlock-on-much-of-the-internet

 

 

 

 

break into computers

 

 

 

 

break into N's system

 

 

 

 

steal

http://www.nytimes.com/2011/06/02/
technology/02google.html

http://www.guardian.co.uk/technology/2011/apr/04/
epsilon-email-hack

 

 

 

 

steal files, delete data

or eavesdrop on sensitive information

 

 

 

 

repairing patch

 

 

 

 

 

 

 

 

 

 

 

 

 

 

email / e-mail

 

 

 

 

 

 

 

spam / electronic junk mail / junk e-mail

 

https://www.theguardian.com/technology/
spam 

 

 

http://www.guardian.co.uk/lifeandstyle/2011/apr/09/
efficient-spam-filters-information-overload-burkeman

 

http://www.usatoday.com/tech/news/2008-11-30-
cyber-monday-scams_N.htm

 

https://www.theguardian.com/money/2007/feb/10/creditcards.debt 

 

http://www.usatoday.com/money/industries/technology/2006-07-23-
sneaky-spam_x.htm

https://www.theguardian.com/technology/2006/apr/20/security.news 

http://www.economist.com/agenda/displayStory.cfm?story_id=4269099

 

 

 

 

 

 

 

spammer

 

 

 

 

 

 

 

software filters

 

 

 

 

inbox

 

 

 

 

inboxes clogged with emails

 

 

 

 

bombard email inboxes

 

 

 

 

outbox

cybercrime / Internet crime        UK / USA

 

https://www.theguardian.com/technology/
cybercrime

 

 

https://www.npr.org/2020/01/15/
796252827/coaxing-cops-to-tackle-cybercrime-theres-an-app-for-that

 

https://www.npr.org/2019/11/18/
778894491/cybercrime-booms-as-scammers-hack-human-nature-to-steal-billions

 

 

 

 

http://www.npr.org/sections/alltechconsidered/2015/10/12/
445267832/as-cybercrime-proliferates-so-does-demand-for-insurance-against-it

 

 

 

 

http://www.theguardian.com/technology/2013/jul/30/
britain-losing-war-against-internet-crime

 

http://www.guardian.co.uk/technology/2013/may/12/
20-ways-keep-internet-identity-safe

 

 

 

 

http://www.guardian.co.uk/technology/2012/feb/02/
mps-media-campaign-awareness-cybercrime

 

 

 

 

http://www.guardian.co.uk/technology/2011/sep/21/
cybercrime-spam-phishing-viruses-malware

 

http://blogs.reuters.com/columns/2011/06/16/
amid-global-cybercrime-accidental-hacks-risk-jail/

 

 

 

 

 

 

 

cybercrime blog > Krebs on Security

 

https://krebsonsecurity.com/

 

 

http://www.nytimes.com/2014/02/17/
technology/reporting-from-the-webs-underbelly.html

 

 

 

 

 

 

 

cybersecurity        USA

http://www.nytimes.com/2010/01/14/
technology/14google.html

 

 

 

 

cybersecurity flaw        USA

http://www.nytimes.com/2014/04/29/us/
white-house-details-thinking-on-cybersecurity-gaps.html

 

 

 

 

security hole

 

 

 

 

cyber theft

http://www.reuters.com/article/2011/04/13/
us-cybersecurity-coreflood-idUSTRE73C7NQ20110413

 

 

 

 

cyber-theft

https://www.npr.org/2020/02/10/
804501991/chinese-hackers-charged-in-alleged-cyber-theft-of-145-million-americans-data

 

 

 

 

credit card hacks

 

 

 

 

cellphone hackers        USA

http://www.nytimes.com/2011/09/28/
technology/companies-see-opportunity-in-stopping-cellphone-hackers.html

 

 

 

 

web gang        USA

http://www.nytimes.com/2012/01/17/
technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html

 

 

 

 

Gang stole $45m

from cash machines

across globe in hours,

say prosecutors        10 May 2013

 

'Virtual criminal flash mob'

used bogus swipe cards

loaded with data

from hacked bank databases

to commit thousands of thefts

http://www.guardian.co.uk/world/2013/may/10/us-
crime-debit-cards
 

 

 

 

 

cyber crook / cyber criminal

 

 

 

 

cyber-gangster

 

 

 

 

cyberstalker

 

 

 

 

honey pot

 

 

 

 

 

 

 

 

 

 

 

 

 

 

worm        UK

http://www.guardian.co.uk/technology/2012/feb/19/
war-cyber-worm-attack-internet

 

http://www.guardian.co.uk/technology/2010/sep/24/
stuxnet-worm-national-agency

 

 

 

 

worm        USA

http://www.nytimes.com/2011/01/16/
world/middleeast/16stuxnet.html

 

http://www.usatoday.com/tech/news/computersecurity/2006-02-02-
worm-warning_x.htm

 

 

 

 

The "Stuxnet" computer worm

- one of the "most refined pieces of malware

ever discovered"

http://www.nytimes.com/2011/01/27/
opinion/27Gibson.html

http://www.nytimes.com/2011/01/16/world/middleeast/
16stuxnet.html

 

http://www.nytimes.com/2010/09/30/world/middleeast/
30worm.html

http://www.nytimes.com/2010/09/27/
technology/27virus.html

http://www.guardian.co.uk/technology/2010/sep/24/
stuxnet-worm-national-agency

 

 

 

 

e-mail worm        USA

http://www.usatoday.com/tech/news/computersecurity/2006-01-30-
email-virus_x.htm

 

 

 

 

mass-mailing worm

 

 

 

 

"Conficker/Downadup" worm        UK

http://www.guardian.co.uk/media/2009/feb/13/
microsoft-offers-250k-bounty-conficker-worm

 

 

 

 

digital worm

 

 

 

 

self-replicating computer worm

 

 

 

 

worm writer

 

 

 

 

worm and virus creators

 

 

 

 

virus > I love you        UK

http://www.theguardian.com/world/2000/may/05/
jamesmeek

 

 

 

 

virus > Melissa        UK

http://www.theguardian.com/technology/2002/may/02/
viruses.security

 

 

 

 

virus > Code Red        UK

http://www.theguardian.com/technology/2001/aug/31/
viruses.security

 

 

 

 

 

 

 

 

 

 

 

 

 

 

cyber crime cases

 

 

 

 

cybercop

 

 

 

 

cybersleuth

 

 

 

 

digital detectives        UK

http://www.theguardian.com/technology/2005/apr/28/
newmedia.media

 

 

 

 

cyber crook / cyber criminal        UK

http://www.theguardian.com/technology/2005/aug/04/
security.onlinesupplement 

 

 

 

 

spam gang / spam operator        UK

http://www.theguardian.com/technology/2005/aug/10/
microsoft.business 

 

 

 

 

fraud on the internet

 

 

 

 

cyber fraudster / hoaxer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

rogue program        USA

http://www.nytimes.com/2010/09/30/world/middleeast/
30worm.html

 

 

 

 

Conficker Worm Targets Microsoft Windows Systems        2009

https://www.us-cert.gov/ncas/alerts/TA09-088A

 

 

 

 

disable anti-virus protection

 

 

 

 

destroy files

 

 

 

 

infected PC

 

 

 

 

tainted e-mail

 

 

 

 

a program to steal log-ons and passwords

 

 

 

 

password        USA

http://www.nytimes.com/2011/06/02/
technology/02google.html

 

 

 

 

attachment

 

 

 

 

open

 

 

 

 

install a back door

 

 

 

 

spread

http://www.theguardian.com/technology/2013/nov/12/
international-space-station-virus-epidemics-malware

 

 

 

 

infect

 

 

 

 

overload

 

 

 

 

ping

 

 

 

 

gain remote access to a computer

 

 

 

 

take over the computer

 

 

 

 

sneak into a computer

 

 

 

 

program

 

 

 

 

record the owner's keystrokes

 

 

 

 

keylogging software

 

 

 

 

passwords / credit card details

 

 

 

 

denial-of-service attacks        UK / USA

 

overwhelm a server with traffic

like hundreds of letters being jammed

through a mail slot at the same time

http://www.guardian.co.uk/technology/2013/apr/26/
dutch-arrested-spamhaus-cyberattacks

 

http://www.npr.org/sections/thetwo-way/2017/05/09/
527674171/fcc-experiences-denial-of-service-attacks-senators-respond

 


 

 

 

 

launch a denial of service attack

 

 

 

 

cyberattack        USA

https://www.npr.org/2021/04/16/
985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack

 

 

 

 

cyber war

 

 

 

 

cyberwarfare        USA

http://www.nytimes.com/2015/02/26/
opinion/arms-control-for-a-cyberage.html

 

 

 

 

clog networks

 

 

 

 

network security expert

 

 

 

 

computer security software

http://www.nytimes.com/2009/07/06/
technology/business-computing/06virus.html

 

 

 

 

patch

 

 

 

 

 

 

 

 

 

 

 

 

 

 

virus, viruses        UK / USA

 

https://www.theguardian.com/technology/
viruses

 

 

http://www.nytimes.com/2012/12/06/
technology/ransomware-is-expanding-in-the-united-states.html

 

http://www.guardian.co.uk/technology/2010/oct/07/
microsoft-virus-computers-quarantined

 

http://www.nytimes.com/2005/08/17/technology/17virus.html

 

 

 

 

digital mischief makers        USA

http://www.nytimes.com/2013/01/01/
technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html

 

 

 

 

cybersecurity > antivirus industry / makers / software        USA

http://www.npr.org/sections/alltechconsidered/2015/08/10/
431247980/kaspersky-lab-a-cybersecurity-leader-with-ties-to-russian-govt

 

http://www.nytimes.com/2013/01/01/
technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html

 

 

 

 

make anti-virus software

 

 

 

anti-virus and anti-spyware tools

 

 

 

 

propagate

 

 

 

 

corporate network

 

 

 

 

incapacitate / confuse / ruin PCs

 

 

 

 

Trojan horse viruses

 

 

 

 

bring down

 

 

 

 

install security patches to protect computers

 

 

 

 

up-to-date virus checker

 

 

 

 

up-to-date antivirus software

 

 

 

 

bug        UK

http://www.theguardian.com/technology/2014/apr/08/
heartbleed-bug-puts-encryption-at-risk-for-hundreds-of-thousands-of-servers

 

 

 

 

bug > Heartbleed        USA        April 2014

http://www.nytimes.com/2014/04/19/technology/
heartbleed-highlights-a-contradiction-in-the-web.html

http://www.npr.org/blogs/thetwo-way/2014/04/17/
304138123/police-in-canada-make-arrest-related-to-heartbleed-bug

http://www.nytimes.com/2014/04/10/technology/
users-stark-reminder-as-web-grows-it-grows-less-secure.html

http://www.theguardian.com/technology/2014/apr/10/
heartbleed-bug-everything-you-need-to-know-to-stay-secure

http://www.theguardian.com/technology/2014/apr/09/
heartbleed-dont-rush-to-update-passwords-security-experts-warn

http://www.npr.org/blogs/alltechconsidered/2014/04/09/
301006236/what-to-do-now-that-the-heartbleed-bug-exposed-the-internet

http://www.theguardian.com/technology/2014/apr/08/
heartbleed-bug-puts-encryption-at-risk-for-hundreds-of-thousands-of-servers

http://www.npr.org/blogs/alltechconsidered/2014/04/08/
300602785/the-security-bug-that-affects-most-of-the-internet-explained

 

 

 

 

stay secure

http://www.theguardian.com/technology/2014/apr/10/
heartbleed-bug-everything-you-need-to-know-to-stay-secure

 

 

 

 

internet firewall

 

 

 

 

 

 

 

 

 

 

 

 

 

 

cyberinsurance

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Symantec

 

Symantec Corporation (Symantec)

is a global provider of security, storage,

and systems management solutions

that help businesses and consumers

secure and manage

their information and identities.        USA

http://topics.nytimes.com/top/news/business/companies/symantec_corporation/index.html

 

https://www.nytimes.com/topic/company/
symantec-corporation

 

 

http://www.nytimes.com/2012/03/27/
technology/symantec-dissolves-alliance-with-huawei-of-china.html

 

 

 

 

 

 

 

 

 

Corpus of news articles

 

Technology > Internet > Cybercrime / theft

 

Spammers, Fraudsters

 

 

 

Web Gang Operating in the Open

 

January 16, 2012
The New York Times
By RIVA RICHMOND

 

Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook and several independent computer security researchers.

The men live comfortable lives in St. Petersburg — and have frolicked on luxury vacations in places like Monte Carlo, Bali and, earlier this month, Turkey, according to photographs posted on social network sites — even though their identities have been known for years to Facebook, computer security investigators and law enforcement officials.

One member of the group, which is popularly known as the Koobface gang, has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter. Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

Beginning in July 2008, the Koobface gang aimed at Web users with invitations to watch a funny or sexy video. Those curious enough to click the link got a message to update their computer’s Flash software, which begins the download of the Koobface malware. Victims’ computers are drafted into a “botnet,” or network of infected PCs, and are sent official-looking advertisements of fake antivirus software and their Web searches are also hijacked and the clicks delivered to unscrupulous marketers. The group made money from people who bought the bogus software and from unsuspecting advertisers.

The security software firm Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010. Victims are often unaware their machines have been compromised.

The Koobface gang’s freedom underscores how hard it is to apprehend international computer criminals, even when identities are known. These groups tend to operate in countries where they can work unmolested by the local authorities, and where cooperation with United States and European law enforcement agencies is poor. Meanwhile, Western law enforcement is awash in computer crime and lacks the resources and skilled manpower to tackle it effectively, especially when evidence putting individuals’ fingers on keyboards must be collected abroad.

On Tuesday, Facebook plans to announce that it will begin sharing information about the group and how to fight them with security researchers and other Internet companies. It believes public namings can make it harder for such groups to operate and send a message to the criminal underground.

None of the men have been charged with a crime and no law enforcement agencies have confirmed they are under investigation.

The group investigators have identified has adopted the tongue-in-cheek name, Ali Baba & 4: Anton Korotchenko, who uses the online nickname “KrotReal”; Stanislav Avdeyko, known as “leDed”; Svyatoslav E. Polichuck, who goes by “PsViat” and “PsycoMan”; Roman P. Koturbach, who uses the online moniker “PoMuc”; and Alexander Koltysehv, or “Floppy.”

Efforts to contact members of the group for comment have been unsuccessful.

Weeks after early versions of the Koobface worm began appearing on Facebook, investigators inside the company were able to trace the attacks to those responsible. “We’ve had a picture of one of the guys in a scuba mask on our wall since 2008,” said Ryan McGeehan, manager of investigations and incident response at Facebook.

Since then, Facebook and several independent security researchers have provided law enforcement agencies, including the Federal Bureau of Investigation, with information and evidence. Most notably, Jan Droemer, a 32-year-old independent researcher in Germany, has provided important information and leads, including a password-free view inside Koobface’s command-and-control system, known as the “Mothership.” Mr. Droemer spent nights and weekends for four months in late 2009 and early 2010 unmasking the gang members using only information available publicly on the Internet.

The F.B.I. declined to comment.

That computer crime pays is fueling a boom that is leaving few Internet users and businesses unscathed. The toll on consumers alone is estimated at $114 billion annually worldwide, according to a September 2011 study by the security software maker Symantec.

Russia, in particular, has a reputation as a hacker haven, although it has pursued several prominent cases against spammers recently. The Soviet education system’s emphasis on math and science combined with post-Communist economic collapse and weak private industry meant there were many highly trained engineers, but few legitimate outlets for their skills, said Vsevolod Gunitskiy, an assistant professor at the University of Toronto.

“Russia is sort of a perfect storm for cybercrime,” he said. The proliferation of organized crime and official corruption created “this very strong legacy of contempt for the laws and general culture of criminality.”

The Russian Embassy in Washington said it does not have any information regarding this group and that American law enforcement officials had never contacted the embassy on this issue.

The men investigators believe are behind Koobface look a lot like ordinary software enthusiasts, albeit with more tattoos and an outlaw persona. Mr. Avdeyko, who is two decades older than the other men and has been tied to an infamous spyware program dating to 2003 called CoolWebSearch, appears to hold a leadership role.

He and at least two of the other men have worked in the world of online pornography, said Mr. Droemer. Mr. Korotchenko and several of the other men apparently tried to run a legitimate mobile software and services business, colorfully named MobSoft Ltd. They did not reply to e-mails requesting interviews.

Mr. Droemer said the gang’s success was more attributable to workaday persistence and willingness to adapt than technical sophistication. They could have spread Koobface to many more PCs, he said. “They could have done a lot more technical things to make it more perfect, more marvelous. But there was just no need to do it. They were just investing as much to get the revenue they wanted to get.”

The group cleverly harnessed the infrastructures of powerful online services — from Facebook and Twitter to Google’s search engine and Blogger — to do the heavy lifting, and may have run its enterprise with just a few computers.

Koobface will probably earn its place in history for pioneering and leading the criminal exploitation of social networks, rather than the size of its profits. Data found in the botnet’s command-and-control system suggests the group has earned at least $2 million a year for the 3 1/2 years of its existence, although the actual total is very likely higher, Mr. Droemer said.

Experts say the gang could have further enriched itself through identity fraud, since it has had access to millions of PCs and social-network profiles, but that there is no evidence it has done so.

Indeed, in a 2009 Christmas e-card to security researchers left inside victim computers, the gang vowed it would never steal credit card or banking information. It called viruses “something awful.” Its tactics have been less ruthless than those of many other hacker groups, experts said. For instance, it has never deployed malicious programs that install automatically, and rather has required its victims to make several unwise clicks.

While the Koobface gang operates freely, Facebook has focused on building elaborate defenses against the worm, which relentlessly struck the site again and again until disappearing in March. The gang abandoned the site after Facebook mounted a major counteroffensive, which included an effort to dismantle the command-and-control system of the botnet and a simultaneous push to scrub its network of the worm and clean up infections in users’ PCs.

“We fired all the different guns at the same time,” said Joe Sullivan, chief security officer at Facebook. “If we could literally shut down the command-and-control, all the infections, and just make them have to start over from scratch in all contexts, we figured they might decide to move on.” He hoped they would conclude Facebook was unprofitable, he said.

But Facebook’s effort and two earlier takedown efforts by security researchers — including one by the Bulgarian researcher Dancho Danchev, who revealed the name of one Koobface member on his blog last week — have failed to put an end to Koobface, and smaller sites continue to suffer.

“People who engage in this type of stuff need to know that their name and real identity are going to come out eventually and they’re going to get arrested and they’re going to be targeted,” Mr. Sullivan said. “People are fighting back.”

    Web Gang Operating in the Open, NYT, 16.1.2012,
    http://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html

For Hackers, the Next Lock to Pick

 

September 27, 2011
The New York Times
By CLAIRE CAIN MILLER

 

SAN FRANCISCO — Hackers have broken into the cellphones of celebrities like Scarlett Johansson and Prince William. But what about the rest of us, who might not have particularly salacious photos or voice messages stored in our phones, but nonetheless have e-mails, credit card numbers and records of our locations?

A growing number of companies, including start-ups and big names in computer security like McAfee, Symantec, Sophos and AVG, see a business opportunity in mobile security — protecting cellphones from hacks and malware that could read text messages, store location information or add charges directly to mobile phone bills.

On Tuesday, McAfee introduced a service for consumers to protect their smartphones, tablets and computers at once, and last week the company introduced a mobile security system for businesses. Last month, AT&T partnered with Juniper Networks to build mobile security apps for consumers and businesses. The Defense Department has called for companies and universities to come up with ways to protect Android devices from malware.

In an indication of investor interest, one start-up, Lookout, last week raised $40 million from venture capital firms, including Andreessen Horowitz, bringing its total to $76.5 million. The company makes an app that scans other apps that people download to their phones, looking for malware and viruses. It automatically tracks 700,000 mobile apps and updates Lookout whenever it finds a threat.

Still, in some ways, it’s an industry ahead of its time. Experts in mobile security agree that mobile hackers are not yet much of a threat. But that is poised to change quickly, they say, especially as people increasingly use their phones to exchange money, by mobile shopping or using digital wallets like Google Wallet.

“Unlike PCs, the chance of running into something in the wild for your phone is quite low,” said Charlie Miller, a researcher at Accuvant, a security consulting company, and a hacker who has revealed weaknesses in iPhones. “That’s partly because it’s more secure but mostly because the bad guys haven’t gotten around to it yet. But the bad guys are going to slowly follow the money over to your phones.”

Most consumers, though they protect their computers, are unaware that they need to secure their phones, he said, “but the smartphones people have are computers, and the same thing that can happen on your computer can happen on your phone.”

Cellphone users are more likely than computer users to click on dangerous links or download sketchy apps because they are often distracted, experts say. Phones can be more vulnerable because they connect to wireless networks at the gym or the coffee shop, and hackers can surreptitiously charge consumers for a purchase.

There have already been harmful attacks, most of which have originated in China, said John Hering, co-founder and chief executive of Lookout.

For example, this year, the Android market was hit by malware called DroidDream. Hackers pirated 80 applications, added malicious code and tricked users into downloading them from the Android Market. Google said 260,000 devices were attacked.

Also this year, people unwittingly downloaded other malware, called GGTracker, by clicking on links in ads, and on the Web site to which the links led. The malware signed them up, without their consent, for text message subscription services that charged $10 to $50.

Lookout says that up to a million people were afflicted by mobile malware in the first half of the year, and that the threat for Android users is two and a half times higher than it was just six months ago.

Still, other experts caution that fear is profitable for the security industry, and that consumers should be realistic about the small size of the threat at this point. AdaptiveMobile, which sells mobile security tools, found that 6 percent of smartphone users said they had received a virus, but that the actual number of confirmed viruses had not topped 2 percent.

Lookout’s founders are hackers themselves, though they say they are the good kind, who break into phones and computers to expose the risks but not to steal information or behave maliciously. “It’s very James Bond-type stuff,” Mr. Hering said.

A few years ago, he stood with a backpack filled with hacking gear near the Academy Awards red carpet and discovered that up to 100 of the stars carried, in their bejeweled clutches and tuxedo pockets, cellphones that he could break into. He did not break into the phones, but publicized his ability to do so.

He started Lookout in 2007, along with Kevin Mahaffey and James Burgess, to prevent such intrusions. It has free apps for Android, BlackBerry and Windows phones, but not for iPhones. They are less vulnerable to attacks, security experts say, because Apple’s app store, unlike Android’s, screens every app before accepting it. Also, Android is the fastest-growing mobile platform, so it is more attractive to hackers.

Google says it regularly scans apps in the Android Market for malware and can rapidly remove malicious apps from the market and from people’s phones. It prevents Android apps from accessing other apps and alerts users if an app accesses its contact list or location, for instance.

Lookout also sells a paid version for $3 a month, which scans apps for privacy intrusions like accessing a user’s contact list, alerts users if they visit unsafe mobile Web sites or click on unsafe links in text messages, backs up a phone’s call history and photos, and lets people lock or delete information from lost devices.

T-Mobile builds Lookout into its Android phones, Verizon uses its technology to screen apps in its app store and Sprint markets the app to customers. The cellphone carriers and Lookout share the revenue when a user upgrades to the paid version.

“In mobile security circles, you never wait on it to become a problem and it’s too late,” said Fared Adib, vice president of product development at Sprint.

Meanwhile, because mobile phone attacks are still relatively rare, Lookout’s free app includes tools, including a way to back up a user’s contacts and a feature that enables users to turn on an alarm on their phone when it is lost.

“You’re way more likely to just leave it in a cab than you are going to be attacked by a hacker,” said Mr. Miller, the security researcher.

And in addition to collecting money from paying subscribers, Lookout plans to sell the service to businesses. It has a chance because consumers are increasingly bringing their own technologies into the workplace, and Lookout’s app is consumer-friendly, said Chenxi Wang, a security analyst at Forrester Research.

“It’s something a lot of I.T. guys are worried about because they have no control over what consumers are doing and what these apps are doing,” Ms. Wang said.

Giovanni Vigna, a professor at the University of California, Santa Barbara who studies security and malware, said it was only a matter of time before mobile security was as second nature to consumers as computer security.

“The moment malware starts using text messages and expensive minutes people have to pay for, things will move a lot faster,” he said.

    For Hackers, the Next Lock to Pick, NYT, 27.9.2011,
    http://www.nytimes.com/2011/09/28/technology/companies-see-opportunity-in-stopping-cellphone-hackers.html

Exclusive: Hacking blitz drives cyberinsurance demand

 

NEW YORK | Tue Jun 14, 2011
6:24pm EDT
By Ben Berkowitz

 

NEW YORK (Reuters) - The recent string of sensational hacker attacks is driving companies to seek "cyberinsurance" worth hundreds of millions of dollars, even though many policies can still leave them exposed to claims.

Companies are having to enhance not just their information technology practices but also their human resources and employee training functions just to get adequate coverage against intrusion -- and in some cases, they are also accepting deductibles in the tens of millions of dollars.

Insurers and insurance brokers say demand is soaring, as companies try to protect themselves against civil suits and the potential for fines by governments and regulators, but also as they seek help paying for mundane costs like "sorry letters" to customers.

"When you have a catastrophic type of data breach then yes ... the phones ring off the hook," said Kevin Kalinich, co-national managing director of the professional risk group at insurance broker Aon Corp (AON.N).

In the past few weeks, the U.S. Senate, the International Monetary Fund, defense contractor Lockheed Martin Corp. (LMT.N), banking concern Citigroup Inc (C.N), technology giant Google (GOOG.O) and consumer electronics group Sony Corp (6758.T) are among those who have disclosed hacker attacks of various kinds.

In the days after Sony disclosed it had more than 100 million customer accounts compromised, the company said its insurance would help cover the costs of fixing its systems and providing identity theft services to account holders.

That helped drum up business for the still-growing segment of the industry, and the demand has only intensified since a more recent breach at Citigroup, which security experts said was the largest direct attack on a U.S. bank to date.

Some insurers say this is the moment the industry has been waiting for as the tide of bad news becomes so overwhelming that customers have no choice but to seek coverage. On Tuesday, Travelers (TRV.N) became the latest insurer to launch a package of policies covering various fraud and expense liabilities.

Aon's Kalinich said fewer than five percent of data breaches lead to costs of more than $20 million, and yet more and more companies are seeking to be insured for that and more to protect themselves against the shifting risk.

Large customers are going to extremes, taking out coverage for data breach liabilities of as much as $200 million, while also taking $25 million deductibles to keep their premiums down.

 

GOOD RISK

As with any kind of insurance, data breach policies carry all sorts of exclusions that put the onus on the company. Some, for example, exclude coverage for any incident that involves an unencrypted laptop. In other cases, insurers say, coverage can be voided if regular software updates are not downloaded or if employees do not change their passwords periodically.

"Insurers are all looking for good risks, whether it is a fire insurance company that wants a building that is sprinklered and doesn't have oily rags laying around - this is the equivalent in the IT area. They want good systems, they want good protection, they want good risk," said Don Glazier, a principal at Integro Insurance Brokers in Chicago.

Given that the average data breach cost $7.2 million last year, according to a March study from the Ponemon Institute, hundreds of millions of dollars of cover may seem extreme. But with the scale and scope of hacking attacks growing daily, some companies cannot be cautious enough.

Of course, the risk they face is a moving target, both for them and for the insurance companies. After 10 years of writing policies, industry experts say a consensus is building on what "cyberinsurance" covers.

Generally, such policies now cover third-party liability, like suits filed by customers whose accounts have been hacked; direct costs like notification letters sent to affected customers; and, increasingly, fines and penalties associated with data breaches.

What is missing from the equation, however, is standards. Insurers can try to standardize the risk from hacking attacks, but cyberinsurance is still not auto insurance, where carriers can make their customers wear seat belts as a condition of a policy.

"One day the industry will actually be so robust that ... we'll have the leverage to actually create standards," said Tracey Vispoli, a senior vice president at insurer Chubb (CB.N). "We're not there yet but that to me is a win to the industry."

 

CONSUMER BURDEN

Consumers are increasingly finding themselves less protected and more liable as well. Courts are siding with vendors and not their customers in some cases when it comes to the misuse of data.

In late May, a U.S. magistrate judge in Maine recommended the district court throw out a lawsuit filed against a bank by one of its customers, a construction company.

The customer had suffered a series of unauthorized withdrawals from its account after some employees' computers were infected with a virus that captured their banking information. The company sued the bank on the grounds that the bank's systems should have caught the clearly unusual pattern.

Lawyers who litigate cyberrisk say in the current environment, many companies are only looking out for themselves, not for their customers or suppliers.

"Most companies are looking more for first party (coverage), they're worried more about their own systems," said Richard Bortnick, an attorney with Cozen O'Connor and the publisher of the digital law blog CyberInquirer.

"Not all companies deem it necessary to provide notification of a cyberbreach or incident for reasons of reputation and other marketing-related bases," he said.

 

(Reporting by Ben Berkowitz, Editing by Martin Howell)

    Exclusive: Hacking blitz drives cyberinsurance demand, R, 14.6.2011,
    http://www.reuters.com/article/2011/06/14/us-insurance-cybersecurity-idUSTRE75D5MK20110614

Thieves Found Citigroup Site an Easy Entry

 

June 13, 2011
The New York Times
By NELSON D. SCHWARTZ
and ERIC DASH

 

Think of it as a mansion with a high-tech security system — but the front door wasn’t locked tight.

Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank’s vast reservoir of personal financial data, until they were detected in a routine check in early May.

That allowed them to capture the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.

The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers.

In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.

Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times — allowing them to capture the confidential private data.

The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.

One security expert familiar with the investigation wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. “It would have been hard to prepare for this type of vulnerability,” he said. The security expert insisted on anonymity because the inquiry was at an early stage.

The financial damage to Citigroup and its customers is not yet clear. Sean Kevelighan, a bank spokesman, declined to comment on the details of the breach, citing the ongoing criminal investigation. In a statement, he said that Citigroup discovered the breach in early May and the problem was “rectified immediately.” He added that the bank had initiated internal fraud alerts and stepped up its account monitoring.

The expertise behind the attack, according to law enforcement officials and security experts, is a sign of what is likely to be a wave of more and more sophisticated breaches by high-tech thieves hungry for credit card numbers and other confidential information.

That is because demand for the data is on the rise. In 2008, the underground market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files. That compared with 3.8 million records stolen in 2010, according to a report by Verizon and the Secret Service, which investigates credit card fraud along with other law enforcement agencies like the Federal Bureau of Investigation.

Now, as credit cards that were compromised in the vast 2008 thefts expire, thieves are stepping up efforts to find new accounts.

As a result, prices for basic credit card information could rise to several dollars from their current level of only pennies.

“If you think financially motivated breaches are huge now, just wait another year,” said Bryan Sartin, who conducts forensic investigations for Verizon’s consulting arm.

The kind of information the thieves are able to glean is shared in online forums that are a veritable marketplace for criminals. Networks that three years ago numbered several thousand users have expanded to include tens of thousands of hackers.

“These are online bazaars,” said Pablo Martinez, deputy special agent in charge of the Secret Service’s criminal investigation division. “They are growing exponentially and we have seen the entire process become more professional.”

For example, some hackers specialize in prying out customer names, account numbers and other confidential information, Mr. Martinez said. Brokers then sell that information in the Internet bazaars. Criminals use it to impersonate customers and buy merchandise. Finally, “money mules” wire home the profits through outlets like Western Union or MoneyGram.

“It’s like ‘Mission Impossible’ when they select the teams,” said Mark Rasch, a former prosecutor who is now with CSC, an information technology services firm. “And they don’t know each other, except by hacker handle and reputation.”

In the Citi attack, the hackers did not obtain expiration dates or the three-digit security code on the back of the card, which will make it harder for thieves to use the information to commit fraud.

Not every breach results in a crime. But identity theft has ranked first among complaints to the Federal Trade Commission for 11 consecutive years, with 1.34 million in 2010, twice as many as the next category, which is debt collection.

Many of these attacks have their origins in Eastern Europe, including Russia, Belarus, Ukraine and Romania. In fact, the security expert familiar with the Citi breach said it originated in the region, though he would not specify the country.

In Russia, Xakep.ru is one of the larger forums for Eastern European hackers today, with nearly 13,300 registered members, according to Cyveillance. HackZone.ru is larger, and has more than 58,000 members. In addition, attacks by Romanian hackers have grown noticeably more advanced recently, according to security experts.

On HackZone, one seller who called himself “zoloto” promised “all cards valid 100%” and that they would be sold only one time.

Underscoring the multinational nature of these rings, American law-enforcement agencies have also been putting more investigators overseas.

“The only way to address a global issue is to address it globally with your partners,” said Gordon M. Snow, assistant director of the F.B.I.’s Cyber Division.

The Secret Service established a presence in Tallinn, Estonia, last month, and has embedded agents with Ukrainian authorities since the beginning of the year. The F.B.I. has embedded agents in the Netherlands, Estonia, Ukraine and Romania, and works closely with its counterparts in Australia, Germany and Britain.

But even officials at these agencies acknowledge that as fast as they move, the hackers’ strategies are evolving at Silicon Valley speed.

“With every takedown, they regroup,” said J. Keith Mularski, a supervisory special agent with the F.B.I.

 

Riva Richmond contributed reporting.

    Thieves Found Citigroup Site an Easy Entry, NYT, 13.6.2011,
    http://www.nytimes.com/2011/06/14/technology/14security.html

U.S. says worried by cyber-attacks; committed to Asia

 

SINGAPORE | Sat Jun 4, 2011
4:17am EDT
Reuters
By Raju Gopalakrishnan
and David Alexander

 

SINGAPORE (Reuters) - The United States is seriously concerned about cyber-attacks and is prepared to use force against those it considers acts of war, Defense Secretary Robert Gates said at a security meeting in Asia on Saturday.

He also assured Asian allies that the United States would protect sea lanes and maintain a robust military presence in the region despite a severe budget crunch and the protracted wars in Iraq and Afghanistan.

"We take the cyber threat very seriously and we see it from a variety of sources, not just one or another country," Gates said at the annual Shangri-La Dialogue, an apparent reference to reports that several of the attacks may have originated in China.

"What would constitute an act of war by cyber that would require some kind of response, either in kind or kinetically?" he said.

"We could avoid some serious international tensions in the future if we could establish some rules of the road as early as possible to let people know what kinds of acts are acceptable, what kinds of acts are not and what kinds of acts may in fact be acts of war."

Earlier this week, Google said it had disrupted a campaign aimed at stealing passwords of hundreds of Google email account holders, including senior U.S. government officials, Chinese activists and journalists.

It was the latest in a series of cyber attacks that have also targeted defense contractor Lockheed Martin and Sony Corp. Google said the latest breach appeared to originate in China but neither the company nor the U.S. government has said the Chinese government was responsible.

But the U.S. State Department has asked Beijing to investigate.

British Defense Secretary Liam Fox said cyber attacks were now regular and in large numbers. "It's ... the war of the invisible enemy," he said, adding that it had become a matter of urgency and was firmly on top of the security agenda.

 

CHINA TIES

Gates said it was difficult to identify where the perpetrators of such attacks were based and added that military ties with China were improving.

But he also said the U.S. was preparing weapons systems and capabilities that would allow U.S. forces "to deploy, move and strike over great distances in defense of our allies and vital interests." Although he gave few other details, the plans could worry China, U.S. officials privately said.

Asked whether China wouldn't see the remarks as a concern, a senior U.S. defense official said it was an example of the need for greater military transparency between the two sides.

"Without transparency, we obviously have to do certain things and make certain preparations because it's not quite clear what everybody's intentions are," the official said. "So the more ... clear it is about what China's military investment is aimed at, the more clear it is for us what's going on in the region and what intentions are."

Gates said the United States was committed to its Asian allies although a decade of combat in Iraq and Afghanistan had strained U.S. ground forces and exhausted public patience, while the recession had left Washington with huge budget deficits and looking to cut military spending.

"Irrespective of the tough times the U.S. faces today, or the tough budget choices we confront in the coming years, ... America's interests as a Pacific nation -- as a country that conducts much of its trade in the region -- will endure," he said.

"The United States and Asia will only become more inextricably linked over the course of this century. These realities ... argue strongly for sustaining our commitments to allies while maintaining a robust military engagement and deterrent posture across the Pacific Rim," he said.

 

(Additional reporting by Kevin Lim and Sanjeev Miglani; Editing by Jonathan Thatcher)

    U.S. says worried by cyber-attacks; committed to Asia, R, 4.6.2011,
    http://www.reuters.com/article/2011/06/04/us-singapore-defence-idUSTRE7530O920110604

Factbox: Sony breach latest in string of cyber attacks

 

BOSTON | Tue Apr 26, 2011
6:34pm EDT
Reuters

 

BOSTON (Reuters) - An unauthorized person stole names, addresses and possibly credit card data belonging to 77 million account holders on Sony's PlayStation Network in what could be one of the largest-ever Internet security breaches.

Internet security experts believe that these systems were breached by hackers who persuaded unsuspecting system administrators to load malicious software onto their machines. Here are some other large Internet security breaches:

April 2011 -- Online marketer Epsilon, which sends billions of emails a year for clients that represent a "Who's Who" of major banks and retailers, reports a breach of its system. It says that some clients' customer names and email addresses were stolen.

2010 -- Security researchers identify a computer worm dubbed Stuxnet that they speculate was designed to breach a system used to refine uranium in Iran at that nation's Natanz enrichment plant.

2010 -- Google Inc says that it was the victim of a cyber attack on its operations in China that resulted in the theft of its intellectual property. Google said that the networks of more than 20 other companies had been infiltrated.

2009 -- Hacker Albert Gonzalez pleads guilty to stealing tens of millions of payment card numbers by breaking into corporate computer systems from businesses including payment card processor Heartland Payment Systems, TJX Company Inc, 7-Eleven Inc and Target Co

 

(Reporting by Jim Finkle, editing by Bernard Orr)

    Factbox: Sony breach latest in string of cyber attacks, R, 26.4.2011,
    http://www.reuters.com/article/2011/04/26/us-sony-stolendata-factbox-idUSTRE73P7GF20110426

U.S. shuts down massive cyber theft ring

 

WASHINGTON/BOSTON | Wed Apr 13, 2011
6:55pm EDT
By Diane Bartz and Jim Finkle

 

WASHINGTON/BOSTON (Reuters) - U.S. authorities claimed one of their biggest victories against cyber crime as they shut down a ring they said used malicious software to take control of more than 2 million PCs around the world, and may have led to theft of more than $100 million.

A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a "botnet" that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the U.S. Department of Justice said on Wednesday.

The government shuttered that botnet, which had operated for a decade, by seizing hard drives used to run it after a federal court in Connecticut gave the go-ahead.

"This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it," said Alan Paller, director of research at the SANS Institute, a nonprofit group that helps fight cyber crime.

The vast majority of the infected machines were in the United States, but the criminal gang was likely overseas.

"We're pretty sure a Russian crime group was behind it," said Paller.

Paller and other security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.

A civil complaint against 13 unnamed foreign nationals was also filed by the U.S. district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation.

The malicious Coreflood software was used to infect computers with keylogging software that stole user names, passwords, financial data and other information, the Justice Department said.

"The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes," U.S. Attorney David Fein said in a statement.

In March, law enforcement raids on servers used by a Rustock botnet were shut down after legal action against them by Microsoft Corp. Authorities severed the Rustock IP addresses, effectively disabling the botnet.

Rustock had been one of the biggest producers of spam e-mail, with some tech security experts estimating they produced half the spam that fills people's junk mail bins.

A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim's bank account.

U.S. government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. A similar tactic was used in a Dutch case, but it was the first time U.S. authorities had used this method to shut down a botnet, according to court documents.

Victims of the botnet included a real estate company in Michigan that lost $115,771, a South Carolina law firm that lost $78,421 and a Tennessee defense contractor that lost $241,866, according to the complaint filed in the U.S. District Court for the District of Connecticut.

The government plans to work with Internet service providers around the country to identify other victims.

 

(Reporting by Diane Bartz and Jim Finkle; editing by Gary Hill and Andre Grenon)

    U.S. shuts down massive cyber theft ring, R, 13.4.2011,
    http://www.reuters.com/article/2011/04/13/us-cybersecurity-coreflood-idUSTRE73C7NQ20110413

From Bullets to Megabytes

 

January 26, 2011
The New York Times
By RICHARD A. FALKENRATH

 

STUXNET, the computer worm that last year disrupted many of the gas centrifuges central to Iran’s nuclear program, is a powerful weapon in the new age of global information warfare. A sophisticated half-megabyte of computer code apparently accomplished what a half-decade of United Nations Security Council resolutions could not.

This new form of warfare has several implications that are only now becoming apparent, and that will define the shape of what will likely become the next global arms race — albeit one measured in computer code rather than firepower.

For one thing, the Stuxnet attack highlights the ambiguous boundaries of sovereignty in cyberspace. Promoting national security in the information age will, from time to time, cause unpredictable offense to the rights and interests of innocent people, companies and countries.

Stuxnet attacked the Iranian nuclear program, but it did so by maliciously manipulating commercial software products sold globally by major Western companies. Whoever launched the assault also infected thousands of computers in several countries, including Australia, Britain, Indonesia and the United States.

This kind of collateral damage to the global civilian realm is going to be the norm, not the exception, and advanced economies, which are more dependent on advanced information systems, will be at particular risk.

What’s more, offensive and defensive information warfare are tightly, insidiously coupled, which will significantly complicate military-industrial relations.

The expertise needed to defend against a cyberattack is essentially indistinguishable from that needed to make such an attack. The Stuxnet programmers are reported to have exploited proprietary information that had been voluntarily provided to the American government by Siemens, the German company that makes data-and-control programs used in nuclear power facilities — including Iran’s.

Siemens did this to help Washington build up its ability to fend off cyberattacks. Will Siemens and other companies think twice next time the American government calls? Probably. Whether it’s true or not, as far as the rest of the world is concerned, the United States is now in the business of offensive information warfare, along with China, Israel and Russia, among others.

It’s not hard to imagine, then, the splintering of the global information technology industry into multiple camps according to their willingness to cooperate with governments on security matters. We can already see this happening in the telecommunications industry, where companies promote their products’ resistance to government intrusion. At the same time, other companies might see an advantage to working closely with the government.

Stuxnet also raises sticky and perhaps irresolvable legal questions. At present there is no real legal framework for adjudicating international cyberattacks; even if victims could determine who was responsible, their governments have few options outside of diplomatic complaints and, perhaps, retaliation in kind. An international entity that could legislate or enforce an information warfare armistice does not exist, and is not really conceivable.

A similar question exists within the United States. Under American law the transmission of malicious code is in many cases a criminal offense. This makes sense, given the economy’s reliance on information networks, the sensitivity of stored electronic data and the ever-present risk of attack from viruses, worms and other varieties of malware.

But the president, as commander in chief, does have some authority to conduct offensive information warfare against foreign adversaries. However, as with many presidential powers to wage war and conduct espionage, the extent of his authority has never been enumerated.

This legal ambiguity is problematic because such warfare is far less controllable than traditional military and intelligence operations, and it raises much more complex issues of private property, personal privacy and commercial integrity.

Therefore, before our courts are forced to consider the issue and potentially limit executive powers, as they did after President Harry Truman tried to seize steel plants in the early 1950s, Congress should grant the White House broad authority to wage offensive information warfare.

By explicitly authorizing these offensive operations in appropriate, defined circumstances, a new statute would strengthen the president’s power to provide for the common defense in cyberspace. Doing so wouldn’t answer all the questions that this new era of warfare presents. But one thing is sure: as bad as this arms race will be, losing it would be even worse.

 

Richard A. Falkenrath, a principal of the Chertoff Group, an investment advisory firm, is a former deputy commissioner for counterterrorism for the New York Police Department and deputy homeland security adviser to President George W. Bush.

    From Bullets to Megabytes, NYT, 26.1.2011,
    http://www.nytimes.com/2011/01/27/opinion/27falkenrath.html

Cyberattacks Hit U.S. and South Korean Web Sites

 

July 9, 2009
The New York Times
By CHOE SANG-HUN

 

SEOUL, South Korea — Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea’s main government spy agency said on Wednesday.

Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.

A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new anti-terrorism bill that would give it more power.

Access to at least 11 major Web sites in South Korea — including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation daily newspaper Chosun Ilbo and the top Internet portal Naver.com — have crashed or slowed down to a crawl since Tuesday evening, according to the government’s Korea Information Security Agency.

On Wednesday, some of the sites regained service, but others remained unstable or inaccessible.

In an attack linked with the one in South Korea, 14 major Web sites in the United States — including those of the White House, the State Department and the New York Stock Exchange — came under similar attacks, according to anti-cyberterrorism police officers in Seoul.

“This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,” the National Intelligence Service said in a statement, adding that it is cooperating with the American investigative authorities to investigate the attacks.

The Associated Press reported Tuesday night that a widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several American government agencies, including some that are responsible for fighting cybercrime.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, The A.P. reported, citing officials inside and outside the American government. The fact that the government Web sites were still being affected after three days signaled an unusually lengthy and sophisticated attack, the news agency reported, citing anonymous American officials.

The Washington Post, which also came under attack, reported on its Web site Wednesday that a total of 26 Web sites were targeted. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, it reported, citing researchers involved in the investigation.

Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks on “federal and private sector public-facing Web sites.” The department, she said, has issued a notice to federal departments and agencies, as well as other partner organizations, on the activity and advised them of steps to take to help mitigate against such attacks.

“We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites,” she said.

In the attack, an army of thousands of “zombie computers” infected by the hackers’ program were ordered to request access to these Web sites simultaneously, causing an overload that caused the sites’ servers to crash, South Korean officials said.

Although most of the North Korean military’s hardware is decrepit, the South Korean authorities have recently voiced their concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.

In South Korea, the Blue House reported no data loss or other damage except disrupted access. The Defense Ministry and banks attacked also reported no immediate loss of security data or financial damage.

“The traffic to our site surged nine times of the normal level,” the Blue House said in a statement. “Computer users in some regions still suffer slow or no access at all to our site.”

Hwang Cheol-jeung, a senior official at the government’s Korea Communications Commission, said the attacks were launched by computers infected by a well-known “distributed denial of service,” or DDoS, hackers’ program.

The spy agency said 12,000 computers in South Korea and 8,000 overseas appeared to have been mobilized in the attacks. The Korea Communications Commission reported 22,000 infected computers.

“The infected computers are still attacking, and their number is not decreasing,” Mr. Hwang told reporters in a briefing. The government was urging users to upgrade their computers’ antivirus software.

Denial of service attacks against Web sites are not uncommon, but they can be made far more serious if hackers infect and use thousands of computers. Hackers frequently take aim at the American government: According to the Homeland Security Department, there were 5,499 known breaches of American government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006, The A.P. said.

The South Korean news agency Yonhap said the police have traced a possible starting point for the attack back to members of a small cable TV Web site in Seoul. But officials said that does not mean it originated there.

Mr. Hwang said South Korean authorities suspected that the hackers used a new variant of the denial of service program to attack the Web sites.

 

Sharon Otterman contributed reporting from New York.

    Cyberattacks Hit U.S. and South Korean Web Sites, NYT, 9.7.2009,
    http://www.nytimes.com/2009/07/09/technology/09cyber.html

Worm Infects Millions of Computers Worldwide

 

January 23, 2009
The New York Times
By JOHN MARKOFF

 

A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The world’s leading computer security experts do not yet know who programmed the infection, or what the next stage will be.

In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world. Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys.

Experts say it is the worst infection since the Slammer worm exploded through the Internet in January 2003, and it may have infected as many as nine million personal computers around the world.

Worms like Conficker not only ricochet around the Internet at lightning speed, they harness infected computers into unified systems called botnets, which can then accept programming instructions from their clandestine masters. “If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

Many computer users may not notice that their machines have been infected, and computer security researchers said they were waiting for the instructions to materialize, to determine what impact the botnet will have on PC users. It might operate in the background, using the infected computer to send spam or infect other computers, or it might steal the PC user’s personal information.

“I don’t know why people aren’t more afraid of these programs,” said Merrick L. Furst, a computer scientist at Georgia Tech. “This is like having a mole in your organization that can do things like send out any information it finds on machines it infects.”

Microsoft rushed an emergency patch to defend the Windows operating systems against this vulnerability in October, yet the worm has continued to spread even as the level of warnings has grown in recent weeks.

Earlier this week, security researchers at Qualys, a Silicon Valley security firm, estimated that about 30 percent of Windows-based computers attached to the Internet remain vulnerable to infection because they have not been updated with the patch, despite the fact that it was made available in October. The firm’s estimate is based on a survey of nine million Internet addresses.

Security researchers said the success of Conficker was due in part to lax security practices by both companies and individuals, who frequently do not immediately install updates.

A Microsoft executive defended the company’s security update service, saying there is no single solution to the malware problem.

“I do believe the updating strategy is working,” said George Stathakopoulos, general manager for Microsoft’s Security Engineering and Communications group. But he added that organizations must focus on everything from timely updates to password security.

“It’s all about defense in depth,” Mr. Stathakopoulos said.

Alfred Huger, vice president of development at Symantec’s security response division, said, “This is a really well-written worm.” He said security companies were still racing to try to unlock all of its secrets.

Unraveling the program has been particularly challenging because it comes with encryption mechanisms that hide its internal workings from those seeking to disable it.

Most security firms have updated their programs to detect and eradicate the software, and a variety of companies offer specialized software programs for detecting and removing it.

The program uses an elaborate shell-game-style technique to permit someone to command it remotely. Each day it generates a new list of 250 domain names. Instructions from any one of these domain names would be obeyed. To control the botnet, an attacker would need only to register a single domain to send instructions to the botnet globally, greatly complicating the task of law enforcement and security companies trying to intervene and block the activation of the botnet.

Computer security researchers expect that within days or weeks the bot-herder who controls the programs will send out commands to force the botnet to perform some as yet unknown illegal activity.

Several computer security firms said that although Conficker appeared to have been written from scratch, it had parallels to the work of a suspected Eastern European criminal gang that has profited by sending programs known as “scareware” to personal computers that seem to warn users of an infection and ask for credit card numbers to pay for bogus antivirus software that actually further infects their computer.

One intriguing clue left by the malware authors is that the first version of the program checked to see if the computer had a Ukrainian keyboard layout. If it found it had such a keyboard, it would not infect the machine, according to Phillip Porras, a security investigator at SRI International who has disassembled the program to determine how it functioned.

The worm has reignited a debate inside the computer security community over the possibility of eradicating the program before it is used by sending out instructions to the botnet that provide users with an alert that their machines have been infected.

“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”

This idea of stopping the program in its tracks before it has the ability to do damage was challenged by many in the computer security community.

“It’s a really bad idea,” said Michael Argast, a security analyst at Sophos, a British computer security firm. “The ethics of this haven’t changed in 20 years, because the reality is that you can cause just as many problems as you solve.”

    Worm Infects Millions of Computers Worldwide, NYT, 23.1.2009,
    http://www.nytimes.com/2009/01/23/technology/internet/23worm.html

Malware Cited in Hannaford Breach

 

March 28, 2008
Filed at 11:50 a.m. ET
The New York Times
By THE ASSOCIATED PRESS
 

 

PORTLAND, Maine (AP) -- Hannaford Bros. Co. says unauthorized software installed on the supermarket chain's internal servers enabled a massive data breach that compromised up to 4.2 million credit and data cards.

The Maine-based grocer confirmed a report in The Boston Globe that it told Massachusetts regulators this week about the link to the illicit computer program.

Hannaford spokeswoman Carol Eleazer said the company doesn't know how the malicious software, known as malware, got on the servers.

The company has said that the data theft, which occurred between Dec. 7 and March 10, happened as shoppers swiped their cards at checkout line machines and the information was transmitted to banks for approval.

    Malware Cited in Hannaford Breach, NYT, 28.3.2008,
    http://www.nytimes.com/aponline/technology/AP-Retail-Data-Breach.html

MySpace and 45 States Team Up to Fight Online Predators

 

January 14, 2008
Filed at 10:53 a.m. ET
The New York Times
By THE ASSOCIATED PRESS

 

ALBANY, N.Y. (AP) -- MySpace.com has agreed with more than 45 states to add extensive measures to combat sexual predators.

An official familiar with the multistate agreement said MySpace, the huge online social networking Web site, has agreed to include several online protections and participate in a working group to develop age-verification and other technologies.

The official said MySpace will also accept independent monitoring and changes to the structure of its site.

The agreement is scheduled to be announced today in Manhattan by attorneys general from New Jersey, North Carolina, Connecticut, Pennsylvania, Ohio and New York.

The official spoke on condition of anonymity because the agreement hadn't yet been announced.

The attorneys general have been seeking greater controls for online networking sites to prevent sexual predators from using those sites to contact children.

There was no immediate comment from MySpace, a unit of News Corp.

Investigators have increasingly examined MySpace, Facebook.com and similar social networking sites that allow people to post information and images on the Web and invite contacts from others.

Last year, New York investigators said they set up Facebook profiles as 12- to 14-year-olds and were quickly contacted by other users looking for sex.

A multistate investigation of the sites -- announced last year -- was aimed at putting together measures to protect minors and remove pornographic material, but lawsuits were possible, officials said.

''We have to find the best way to make sure parents have the tools ... to protect their children when they're on social networking sites,'' North Carolina Attorney General Roy Cooper said in September.

    MySpace and 45 States Team Up to Fight Online Predators, NYT, 14.1.2008,
    http://www.nytimes.com/aponline/technology/AP-MySpace-Agreement.html

Man Described as a Top Spammer Arrested

 

May 31, 2007
By THE ASSOCIATED PRESS
Filed at 2:46 a.m. ET
The New York Times

 

SEATTLE (AP) -- A 27-year-old man described as one of the world's most prolific spammers was arrested Wednesday, and federal authorities said computer users across the Web could notice a decrease in the amount of junk e-mail.

Robert Alan Soloway is accused of using networks of compromised ''zombie'' computers to send out millions upon millions of spam e-mails.

''He's one of the top 10 spammers in the world,'' said Tim Cranton, a Microsoft Corp. lawyer who is senior director of the company's Worldwide Internet Safety Programs. ''He's a huge problem for our customers. This is a very good day.''

A federal grand jury last week returned a 35-count indictment against Soloway charging him with mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money laundering.

Soloway pleaded not guilty Wednesday afternoon to all charges after a judge determined that -- even with four bank accounts seized by the government -- he was sufficiently well off to pay for his own lawyer.

He has been living in a ritzy apartment and drives an expensive Mercedes convertible, said prosecutor Kathryn Warma. Prosecutors are seeking to have him forfeit $773,000 they say he made from his business, Newport Internet Marketing Corp.

A public defender who represented him for Wednesday's hearing declined to comment.

Prosecutors say Soloway used computers infected with malicious code to send out millions of junk e-mails since 2003. The computers are called ''zombies'' because owners typically have no idea their machines have been infected.

He continued his activities even after Microsoft won a $7 million civil judgment against him in 2005 and the operator of a small Internet service provider in Oklahoma won a $10 million judgment, prosecutors said.

U.S. Attorney Jeff Sullivan said Wednesday that the case is the first in the country in which federal prosecutors have used identity theft statutes to prosecute a spammer for taking over someone else's Internet domain name. Soloway could face decades in prison, though prosecutors said they have not calculated what guideline sentencing range he might face.

The investigation began when the authorities began receiving hundreds of complaints about Soloway, who had been featured on a list of known spammers kept by The Spamhaus Project, an international anti-spam organization.

The Santa Barbara County, Calif., Department of Social Services said it was spending $1,000 a week to fight the spam it was receiving, and other businesses and individuals complained of having their reputations damaged when it appeared spam was originating from their computers.

''This is not just a nuisance. This is way beyond a nuisance,'' Warma said.

Soloway used the networks of compromised computers to send out unsolicited bulk e-mails urging people to use his Internet marketing company to advertise their products, authorities said.

People who clicked on a link in the e-mail were directed to his Web site. There, Soloway advertised his ability to send out as many as 20 million e-mail advertisements over 15 days for $495, the indictment said.

The Spamhaus Project rejoiced at his arrest.

''Soloway has been a long-term nuisance on the Internet -- both in terms of the spam he sent, and the people he duped to use his spam service,'' organizers wrote on Spamhaus.org.

Soloway remained in federal detention pending a hearing Monday.

    Man Described as a Top Spammer Arrested, NYT, 31.5.2007,
    http://www.nytimes.com/aponline/technology/AP-Spam-Arrest.html

Attack of the Zombie Computers Is Growing Threat

January 7, 2007
The New York Times
By JOHN MARKOFF

 

In their persistent quest to breach the Internet’s defenses, the bad guys are honing their weapons and increasing their firepower.

With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crimes.

These systems, called botnets, are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft.

Security researchers have been concerned about botnets for some time because they automate and amplify the effects of viruses and other malicious programs.

What is new is the vastly escalating scale of the problem — and the precision with which some of the programs can scan computers for specific information, like corporate and personal data, to drain money from online bank accounts and stock brokerages.

“It’s the perfect crime, both low-risk and high-profit,” said Gadi Evron, a computer security researcher for an Israeli-based firm, Beyond Security, who coordinates an international volunteer effort to fight botnets. “The war to make the Internet safe was lost long ago, and we need to figure out what to do now.”

Last spring, a program was discovered at a foreign coast guard agency that systematically searched for documents that had shipping schedules, then forwarded them to an e-mail address in China, according to David Rand, chief technology officer of Trend Micro, a Tokyo-based computer security firm. He declined to identify the agency because it is a customer.

Although there is a wide range of estimates of the overall infection rate, the scale and the power of the botnet programs have clearly become immense. David Dagon, a Georgia Institute of Technology researcher who is a co-founder of Damballa, a start-up company focusing on controlling botnets, said the consensus among scientists is that botnet programs are present on about 11 percent of the more than 650 million computers attached to the Internet.

Plagues of viruses and other malicious programs have periodically swept through the Internet since 1988, when there were only 60,000 computers online. Each time, computer security managers and users have cleaned up the damage and patched holes in systems.

In recent years, however, such attacks have increasingly become endemic, forcing increasingly stringent security responses. And the emergence of botnets has alarmed not just computer security experts, but also specialists who created the early Internet infrastructure.

“It represents a threat but it’s one that is hard to explain,” said David J. Farber, a Carnegie Mellon computer scientist who was an Internet pioneer. “It’s an insidious threat, and what worries me is that the scope of the problem is still not clear to most people.” Referring to Windows computers, he added, “The popular machines are so easy to penetrate, and that’s scary.”

So far botnets have predominantly infected Windows-based computers, although there have been scattered reports of botnet-related attacks on computers running the Linux and Macintosh operating systems. The programs are often created by small groups of code writers in Eastern Europe and elsewhere and distributed in a variety of ways, including e-mail attachments and downloads by users who do not know they are getting something malicious. They can even be present in pirated software sold on online auction sites. Once installed on Internet-connected PCs, they can be controlled using a widely available communications system called Internet Relay Chat, or I.R.C.

ShadowServer, a voluntary organization of computer security experts that monitors botnet activity, is now tracking more than 400,000 infected machines and about 1,450 separate I.R.C. control systems, which are called Command & Control servers.

The financial danger can be seen in a technical report presented last summer by a security researcher who analyzed the information contained in a 200-megabyte file that he had intercepted. The file had been generated by a botnet that was systematically harvesting stolen information and then hiding it in a secret location where the data could be retrieved by the botnet master.

The data in the file had been collected during a 30-day period, according to Rick Wesson, chief executive of Support Intelligence, a San Francisco-based company that sells information on computer security threats to corporations and federal agencies. The data came from 793 infected computers and it generated 54,926 log-in credentials and 281 credit-card numbers. The stolen information affected 1,239 companies, he said, including 35 stock brokerages, 86 bank accounts, 174 e-commerce accounts and 245 e-mail accounts.

Sensor information collected by his company is now able to identify more than 250,000 new botnet infections daily, Mr. Wesson said.

“We are losing this war badly,” he said. “Even the vendors understand that we are losing the war.”

According to the annual intelligence report of MessageLabs, a New York-based computer security firm, more than 80 percent of all spam now originates from botnets. Last month, for the first time ever, a single Internet service provider generated more than one billion spam e-mail messages in a 24-hour period, according to a ranking system maintained by Trend Micro, the computer security firm. That indicated that machines of the service providers’ customers had been woven into a giant network, with a single control point using them to pump out spam.

The extent of the botnet threat was underscored in recent months by the emergence of a version of the stealthy program that adds computers to the botnet. The recent version of the program, which security researchers are calling “rustock,” infected several hundred thousand Internet-connected computers and then began generating vast quantities of spam e-mail messages as part of a “pump and dump” stock scheme.

The author of the program, who is active on Internet technical discussion groups and claims to live in Zimbabwe, has found a way to hide the infecting agent in such a way that it leaves none of the traditional digital fingerprints that have been used to detect such programs.

Moreover, although rustock is currently being used for distributing spam, it is a more general tool that can be used with many other forms of illegal Internet activity.

“It could be used for other types of malware as well,” said Joe Stewart, a researcher at SecureWorks, an Atlanta-based computer security firm. “It’s just a payload delivery system with extra stealth.”

Last month Mr. Stewart tracked trading around a penny stock being touted in a spam campaign. The Diamant Art Corporation was trading for 8 cents on Dec. 15 when a series of small transactions involving 11,532,726 shares raised the price of the stock to 11 cents. After the close of business that day, a Friday, a botnet began spewing out millions of spam messages, he said.

On the following Monday, the stock went first to 19 cents per share and then ultimately to 25 cents a share. He estimated that if the spammer then sold the shares purchased at the peak on Monday he would realize a $20,000 profit. (By Dec. 20, it was down to 12 cents.)

Computer security experts warn that botnet programs are evolving faster than security firms can respond and have now come to represent a fundamental threat to the viability of the commercial Internet. The problem is being compounded, they say, because many Internet service providers are either ignoring or minimizing the problem.

“It’s a huge scientific, policy, and ultimately social crisis, and no one is taking any responsibility for addressing it,” said K. C. Claffy, a veteran Internet researcher at the San Diego Supercomputer Center.

The $6 billion computer security industry offers a growing array of products and services that are targeted at network operators, corporations and individual computer users. Yet the industry has a poor track record so far in combating the plague, according to computer security researchers.

“This is a little bit like airlines advertising how infrequently they crash into mountains,” said Mr. Dagon, the Georgia Tech researcher.

The malicious software is continually being refined by “black hat” programmers to defeat software that detects the malicious programs by tracking digital fingerprints.

Some botnet-installed programs have been identified that exploit features of the Windows operating system, like the ability to recognize recently viewed documents. Botnet authors assume that any personal document that a computer owner has used recently will also be of interest to a data thief, Mr. Dagon said.

Serry Winkler, a sales representative in Denver, said that she had turned off the network-security software provided by her Internet service provider because it slowed performance to a crawl on her PC, which was running Windows 98. A few months ago four sheriff’s deputies pounded on her apartment door to confiscate the PC, which they said was being used to order goods from Sears with a stolen credit card. The computer, it turned out, had been commandeered by an intruder who was using it remotely.

“I’m a middle-aged single woman living here for six years,” she said. “Do I sound like a terrorist?”

She is now planning to buy a more up-to-date PC, she said.

Attack of the Zombie Computers Is Growing Threat,
NYT,
7.1.2007,
https://www.nytimes.com/2007/01/07/technology/07net.html

 

 

 

 

 

Flaws Are Detected in Microsoft’s Vista

 

December 25, 2006

The New York Times

By JOHN MARKOFF

 

SAN FRANCISCO, Dec. 24 — Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month.

On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user’s privileges on all of the company’s recent operating systems, including Vista. And over the weekend a Silicon Valley computer security firm said it had notified Microsoft that it had also found that flaw, as well as five other vulnerabilities, including one serious error in the software code underlying the company’s new Internet Explorer 7 browser.

The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site. That would make it possible for an attacker to inject rogue software into the Vista-based computer, according to executives at Determina, a company based in Redwood City, Calif., that sells software intended to protect against operating system and other vulnerabilities.

Determina is part of a small industry of companies that routinely pore over the technical details of software applications and operating systems looking for flaws. When flaws in Microsoft products are found they are reported to the software maker, which then produces fixes called patches. Microsoft has built technology into its recent operating systems that makes it possible for the company to fix its software automatically via the Internet.

Despite Microsoft assertions about the improved reliability of Vista, many in the industry are taking a wait-and-see approach. Microsoft’s previous operating system, Windows XP, required two “service packs” issued over a number of years to substantially improve security, and new flaws are still routinely discovered by outside researchers.

On Friday, a Microsoft executive posted a comment on a company security information Web site stating the company was “closely monitoring” the vulnerability described by the Russian Web site. It permits the privileges of a standard user account in Vista and other versions of Windows to be increased, permitting control of all of the operations of the computer. In Unix and modern Windows systems, users are restricted in the functions they can perform, and complete power is restricted to certain administrative accounts.

“Currently we have not observed any public exploitation or attack activity regarding this issue,” wrote Mike Reavey, operations manager of the Microsoft Security Response Center. “While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date.”

On Saturday, Nicole Miller, a Microsoft spokeswoman, said the company was also investigating the reported browser flaw and that it was not aware of any attacks attempting to use the vulnerability.

Microsoft has spent millions branding the Vista operating system as the most secure product it has produced, and it is counting on Vista to help turn the tide against a wave of software attacks now plaguing Windows-based computers.

Vista is critical to Microsoft’s reputation. Despite an almost four-and-a-half-year campaign on the part of the company, and the best efforts of the computer security industry, the threat from harmful computer software continues to grow. Criminal attacks now range from programs that steal information from home and corporate PCs to growing armies of slave computers that are wreaking havoc on the commercial Internet.

Although Vista, which will be available on consumer PCs early next year, has been extensively tested, it is only now being exposed to the challenges of the open Internet.

“I don’t think people should become complacent,” said Nand Mulchandani, a vice president at Determina. “When vendors say a program has been completely rewritten, it doesn’t mean that it’s more secure from the get-go. My expectation is we will see a whole rash of Vista bugs show up in six months or a year.”

The Determina executives said that by itself, the browser flaw that was reported to Microsoft could permit damage like the theft of password information and the attack of other computers.

However, one of the principal security advances of Internet Explorer 7 is a software “sandbox” that is intended to limit damage even if a malicious program is able to subvert the operation of the browser. That should limit the ability of any attacker to reach other parts of the Vista operating system, or to overwrite files.

However, when coupled with the ability of the first flaw that permits the change in account privileges, it might then be possible to circumvent the sandbox controls, said Alexander Sotirov, a Determina security researcher. In that case it would make it possible to alter files and potentially permanently infect a target computer. This kind of attack has yet to be proved, he acknowledged.

The Determina researchers said they had notified Microsoft of four other flaws they had discovered, including a bug that would make it possible for an attacker to repeatedly disable a Microsoft Exchange mail server simply by sending the program an infected e-mail message.

Last week, the chief technology officer of Trend Micro, a computer security firm in Tokyo, told several computer news Web sites that he had discovered an offer on an underground computer discussion forum to sell information about a security flaw in Windows Vista for $50,000. Over the weekend a spokesman for Trend Micro said that the company had not obtained the information, and as a result could not confirm the authenticity of the offer.

Many computer security companies say that there is a lively underground market for information that would permit attackers to break in to systems via the Internet.

Flaws Are Detected in Microsoft’s Vista,
NYT,
25.12.2006,
https://www.nytimes.com/2006/12/25/technology/25vista.html
 

 

 

 

 

 

 

 

 
